This is the mail archive of the mailing list for the GCC project.


Re: [PATCH] __builtin_object_size improvements

On Fri, 5 Jun 2009, Jakub Jelinek wrote:

> On Fri, Jun 05, 2009 at 01:22:25PM -0700, Richard Henderson wrote:
> > Richard Guenther wrote:
> >> On Fri, 5 Jun 2009, Richard Henderson wrote:
> >>
> >>> Jakub Jelinek wrote:
> >>>> The patch below implements both of these, with the exception that if
> >>>> the field is at the end of the structure and base is INDIRECT_REF,
> >>>> __bos (x, 1) behaves like __bos (x, 0), because there is tons of code out
> >>>> there that uses arrays at the end of a structure instead of flexible array
> >>>> members and I wouldn't like to break code like:
> >>>> struct A { int i; char c[1]; };
> >>>> struct A *p = malloc (sizeof (*p) + strlen ("abcde"));
> >>>> strcpy (p->c, "abcde");
> >>> I'd prefer that this exception only be made if that last array length is
> >>> exactly 1, not any trailing array.
> >>
> >> There are many other variants around - we hit this with the array
> >> bound warnings.  So I think we have to treat all trailing arrays
> >> the same.
> >
> > Guh.  Well, ok then.
> The patch currently treats that way all last fields, guess I should limit
> that to last fields with array type only.
> struct A { char a[10]; char b; } *p;
> shouldn't allow strcpy (&p->b, "abc");
> Not sure about:
> struct B { int i; struct A { char b; char a[10]; } j; } *p;
> strcpy (&p->j.a[3], "abcdefghijklmnop");
> (in this case there is array as last field in struct A, but struct A itself
> is not in array).

Unless struct A is wrapped inside a union and that union is the outermost
thing this would be also disallowed.  (yes we have that case in GCC ...,
luckily not with chars)

> Or:
> struct B { int i; struct A { char b; char a[10]; } j[1]; } *p;
> strcpy (&p->j[0].a[3], "abcdefghijklmnop");
> In this case both last fields involved are arrays, but still if
> the outer array were to be treated as "flexible", it would cross different
> fields, so I'd say we should disallow this too.

Right.  Only outermost (with the exception of union wrapping) trailing
arrays should be treated flexible.

> strcpy ((char *) &p->j[0], "abcdefghijklmnop");
> This should be probably considered valid.

Uh.  Maybe - there was some fortify mode that allowed to cross fields
I guess.  But we may end up (or maybe not any longer) fold this to

> Do you agree?

Basically yes.
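The exchange above turns on the difference between the two __builtin_object_size modes for a trailing array: mode 0 measures to the end of the whole (possibly over-allocated) object, while a strict mode 1 would report only the declared field size, breaking the `struct A { int i; char c[1]; }` idiom Jakub quotes. The following is an added example, not code from this thread or from GCC, that computes both capacities by hand from `offsetof`/`sizeof` and the tracked allocation size, and shows a bounded copy into the trailing array that is checked against the allocation rather than the declared array length. The struct layout is the one from the thread; `alloc_a` and `copy_to_trailing` are hypothetical helpers written for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pre-C99 idiom from the thread: a 1-element array at the end of the
   struct, over-allocated with malloc so the array really holds more. */
struct A { int i; char c[1]; };

/* Capacity of the trailing array measured against the whole allocated
   object: everything from the field's offset to the end of the
   allocation (the quantity a mode-0 __builtin_object_size aims for). */
size_t trailing_capacity_whole_object(size_t alloc_size)
{
    if (alloc_size < offsetof(struct A, c))
        return 0;
    return alloc_size - offsetof(struct A, c);
}

/* Capacity according to the field's declared type alone: sizeof(c), i.e. 1,
   no matter how much was allocated.  A strict mode-1 __builtin_object_size
   would report this, which is why the thread exempts trailing arrays. */
size_t trailing_capacity_declared(void)
{
    return sizeof(((struct A *)0)->c);
}

/* Hypothetical helper: allocate a struct A with room for `len` payload
   characters plus the NUL, returning the allocation size via *alloc_size
   so later accesses can be checked against it. */
struct A *alloc_a(size_t len, size_t *alloc_size)
{
    size_t need = offsetof(struct A, c) + len + 1;
    /* Never allocate less than the struct itself, so *p is in bounds too. */
    if (need < sizeof(struct A))
        need = sizeof(struct A);
    struct A *p = malloc(need);
    if (p) {
        p->i = 0;
        p->c[0] = '\0';
        *alloc_size = need;
    }
    return p;
}

/* Bounded copy into the trailing array, checked against the tracked
   allocation size rather than sizeof(p->c).  Returns 1 on success, 0 when
   the string (including its NUL) would not fit. */
int copy_to_trailing(struct A *p, size_t alloc_size, const char *s)
{
    size_t cap = trailing_capacity_whole_object(alloc_size);
    size_t n = strlen(s);
    if (n + 1 > cap)
        return 0;
    memcpy(p->c, s, n + 1);
    return 1;
}

int main(void)
{
    size_t alloc;
    struct A *p = alloc_a(strlen("abcde"), &alloc);
    if (!p)
        return 1;
    printf("declared capacity: %zu, whole-object capacity: %zu\n",
           trailing_capacity_declared(), trailing_capacity_whole_object(alloc));
#if defined(__GNUC__)
    /* What the compiler itself thinks; this value depends on the optimization
       level and may be (size_t)-1 (unknown) at -O0, so it is only printed. */
    printf("__builtin_object_size(p->c, 0) = %zu, (p->c, 1) = %zu\n",
           __builtin_object_size(p->c, 0), __builtin_object_size(p->c, 1));
#endif
    printf("copy \"abcde\": %d\n", copy_to_trailing(p, alloc, "abcde"));
    printf("copy \"abcdefghijklmnop\": %d\n",
           copy_to_trailing(p, alloc, "abcdefghijklmnop"));
    free(p);
    return 0;
}
```

The point of tracking `alloc_size` explicitly is that the copy's bound does not depend on which object-size mode the compiler picks for a trailing array; a C99 flexible array member (`char c[];`) would express the same intent to the compiler, and the check stays the same.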

